Executive Summary: A hacker who stole millions of South Carolina tax returns did it via two different ways. Someone from the South Carolina Department of Revenue opened a file that allowed access to the system. The second factor that allowed the hacker to gain access to all the tax returns was that the South Carolina Department of Revenue was using unsecured, third party software. The hacker stole someone’s credentials to then gain access to the information. The article goes on to talk about how 3.8 million tax returns have been stolen. Since the breach the South Carolina Department of Revenue has given away free credit monitoring to around 700,000 people. Many people including the leader of the South Carolina Association of Taxpayers are questioning the Department of Revenue’s spending in the past and saying that the money spent to deal with this disaster could have easily been allocated to prevent this attack.
Analysis: This article analyzes many different topics that we have discussed in class. The hacker in this article basically phished his way into the system. The article stated that nearly 250 employees had credentials for the system. All it took was for one of the South Carolina Department of Revenue’s employees to slip up and allow someone without credentials to access the database. This is a classic weakest link scenario. It only took one out of the 250 employees to allow for the phishing attack to occur. Even though the other 249 employees did not allow for the attack it only takes 1. The second way the hacker accessed the attack should not be even a thought at such a confidential entity. The South Carolina Department of Revenue’s should not be using an unsecured third party software. This is low hanging fruit that could have easily been avoided. At such an important place they should be using a secure network to not allow unwanted hackers to access their database.
A hacker who stole millions of South Carolina tax returns did it via two different ways. Someone from the South Carolina Department of Revenue opened a file that allowed access to the system. The second factor that allowed the hacker to gain access to all the tax returns was that the South Carolina Department of Revenue was using unsecured, third party software. The hacker stole someone’s credentials to then gain access to the information. The article goes on to talk about how 3.8 million tax returns have been stolen. Since the breach the South Carolina Department of Revenue has given away free credit monitoring to around 700,000 people. Many people including the leader of the South Carolina Association of Taxpayers are questioning the Department of Revenue’s spending in the past and saying that the money spent to deal with this disaster could have easily been allocated to prevent this attack.
Analysis:
This article analyzes many different topics that we have discussed in class. The hacker in this article basically phished his way into the system. The article stated that nearly 250 employees had credentials for the system. All it took was for one of the South Carolina Department of Revenue’s employees to slip up and allow someone without credentials to access the database. This is a classic weakest link scenario. It only took one out of the 250 employees to allow for the phishing attack to occur. Even though the other 249 employees did not allow for the attack it only takes 1. The second way the hacker accessed the attack should not be even a thought at such a confidential entity. The South Carolina Department of Revenue’s should not be using an unsecured third party software. This is low hanging fruit that could have easily been avoided. At such an important place they should be using a secure network to not allow unwanted hackers to access their database.